216.73.216.133

CVE-2026-9082

· Published 20/05/2026 20:16 · Modified 21/05/2026 15:24

Labels: CVE-2026-9082 2026-05-20CVE-2026-9082CWE-89[email protected]

Essential information

Published
20/05/2026 20:16
Modified
21/05/2026 15:24
Author
Creator
CVSS
6.5 MEDIUM (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CVSS metrics

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Drupal Drupal core allows SQL Injection. This issue affects Drupal core: from 8.9.0 before 10.4.10, from 10.5.0 before 10.5.10, from 10.6.0 before 10.6.9, from 11.0.0 before 11.1.10, from 11.2.0 before 11.2.12, from 11.3.0 before 11.3.10.

NVD status

Status
Deferred — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
drupal / drupal core cpe:2.3:a:drupal:drupal_core:8.9.0-10.4.10:*:*:*:*:*:*:*
drupal / drupal core cpe:2.3:a:drupal:drupal_core:10.5.0-10.5.10:*:*:*:*:*:*:*
drupal / drupal core cpe:2.3:a:drupal:drupal_core:10.6.0-10.6.9:*:*:*:*:*:*:*
drupal / drupal core cpe:2.3:a:drupal:drupal_core:11.0.0-11.1.10:*:*:*:*:*:*:*
drupal / drupal core cpe:2.3:a:drupal:drupal_core:11.2.0-11.2.12:*:*:*:*:*:*:*
drupal / drupal core cpe:2.3:a:drupal:drupal_core:11.3.0-11.3.10:*:*:*:*:*:*:*

References